I just had to reinstall laptop from scratch (Fedora 28), andI restored my home directory from a backup. After doing so I was getting this error trying to access my repo
[mareynol@localhost 389-ds-base]$ git pull sign_and_send_pubkey: signing failed: agent refused operation git@pagure.io: Permission denied (publickey). fatal: Could not read from remote repository.
So I regenerated my fedora ssh keys and uploaded the public keys to my FAS account and to my Pagure account, but I still get the same errors. Here is a little more debug info:
``` [mareynol@localhost 389-ds-base]$ ssh -vvv git@pagure.io OpenSSH_7.7p1, OpenSSL 1.1.0h-fips 27 Mar 2018 debug1: Reading configuration data /etc/ssh/ssh_config debug3: /etc/ssh/ssh_config line 52: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0 debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 2: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config debug3: gss kex names ok: [gss-gex-sha1-,gss-group14-sha1-] debug3: kex names ok: [curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1] debug1: /etc/ssh/ssh_config.d/05-redhat.conf line 8: Applying options for debug2: resolving "pagure.io" port 22 debug2: ssh_connect_direct: needpriv 0 debug1: Connecting to pagure.io [2605:bc80:3010:600:dead:beef:cafe:fed8] port 22. debug1: Connection established. debug1: identity file /home/mareynol/.ssh/id_rsa type 0 debug1: key_load_public: No such file or directory debug1: identity file /home/mareynol/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/mareynol/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/mareynol/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/mareynol/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/mareynol/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/mareynol/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/mareynol/.ssh/id_ed25519-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/mareynol/.ssh/id_xmss type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/mareynol/.ssh/id_xmss-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_7.7 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4 debug1: match: OpenSSH_7.4 pat OpenSSH compat 0x04000000 debug2: fd 3 setting O_NONBLOCK debug1: Authenticating to pagure.io:22 as 'git' debug3: hostkeys_foreach: reading file "/home/mareynol/.ssh/known_hosts" debug3: record_hostkey: found key type RSA in file /home/mareynol/.ssh/known_hosts:1 debug3: load_hostkeys: loaded 1 keys from pagure.io debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa debug3: send packet: type 20 debug1: SSH2_MSG_KEXINIT sent debug3: receive packet: type 20 debug1: SSH2_MSG_KEXINIT received debug2: local client KEXINIT proposal debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c debug2: host key algorithms: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519 debug2: ciphers ctos: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc debug2: ciphers stoc: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc debug2: MACs ctos: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512 debug2: MACs stoc: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512 debug2: compression ctos: none,zlib@openssh.com,zlib debug2: compression stoc: none,zlib@openssh.com,zlib debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug2: peer server KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-rsa-cert-v01@openssh.com debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,zlib@openssh.com debug2: compression stoc: none,zlib@openssh.com debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug1: kex: algorithm: curve25519-sha256@libssh.org debug1: kex: host key algorithm: ssh-rsa-cert-v01@openssh.com debug1: kex: server->client cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none debug1: kex: client->server cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none debug1: kex: curve25519-sha256@libssh.org need=32 dh_need=32 debug1: kex: curve25519-sha256@libssh.org need=32 dh_need=32 debug3: send packet: type 30 debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug3: receive packet: type 31 debug1: Server host certificate: ssh-rsa-cert-v01@openssh.com SHA256:Gddkd5H7oQ1RaK8WgXSKl7JZP+FgLyidmxbLercJ/JY, serial 1502813437 ID "pagure01.fedoraproject.org" CA ssh-rsa SHA256:IPuhCSNXqj4m2eq6UKYE1jHFglLgLCbBzINft+OxUMA valid from 2017-08-15T11:10:41 to 2018-08-14T12:10:41 debug2: Server host certificate hostname: pagure.io debug2: Server host certificate hostname: pagure01.fedoraproject.org debug3: hostkeys_foreach: reading file "/home/mareynol/.ssh/known_hosts" debug3: record_hostkey: found key type RSA in file /home/mareynol/.ssh/known_hosts:1 debug3: load_hostkeys: loaded 1 keys from pagure.io debug1: No matching CA found. Retry with plain key debug1: Host 'pagure.io' is known and matches the RSA host key. debug1: Found key in /home/mareynol/.ssh/known_hosts:1 debug3: send packet: type 21 debug2: set_newkeys: mode 1 debug1: rekey after 4294967296 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug3: receive packet: type 21 debug1: SSH2_MSG_NEWKEYS received debug2: set_newkeys: mode 0 debug1: rekey after 4294967296 blocks debug2: key: /home/mareynol/.ssh/id_rsa (0x55bc05eeee00), agent debug2: key: mareynol@redhat.com (0x55bc05ef2130), agent debug2: key: /home/mareynol/.ssh/id_dsa ((nil)) debug2: key: /home/mareynol/.ssh/id_ecdsa ((nil)) debug2: key: /home/mareynol/.ssh/id_ed25519 ((nil)) debug2: key: /home/mareynol/.ssh/id_xmss ((nil)) debug3: send packet: type 5 debug3: receive packet: type 7 debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512> debug3: receive packet: type 6 debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug3: send packet: type 50 debug3: receive packet: type 51 debug1: Authentications that can continue: publickey debug3: start over, passed a different list publickey debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering public key: RSA SHA256:############my HASH 1 ################### /home/mareynol/.ssh/id_rsa debug3: send_pubkey_test debug3: send packet: type 50 debug2: we sent a publickey packet, wait for reply debug3: receive packet: type 51 debug1: Authentications that can continue: publickey debug1: Offering public key: RSA SHA256:############my HASH 2 ################### mareynol@redhat.com debug3: send_pubkey_test debug3: send packet: type 50 debug2: we sent a publickey packet, wait for reply debug3: receive packet: type 60 debug1: Server accepts key: pkalg rsa-sha2-512 blen 279 debug2: input_userauth_pk_ok: fp SHA256:############my HASH 2 ################### debug3: sign_and_send_pubkey: RSA SHA256:############my HASH 2 ################### sign_and_send_pubkey: signing failed: agent refused operation debug1: Trying private key: /home/mareynol/.ssh/id_dsa debug3: no such identity: /home/mareynol/.ssh/id_dsa: No such file or directory debug1: Trying private key: /home/mareynol/.ssh/id_ecdsa debug3: no such identity: /home/mareynol/.ssh/id_ecdsa: No such file or directory debug1: Trying private key: /home/mareynol/.ssh/id_ed25519 debug3: no such identity: /home/mareynol/.ssh/id_ed25519: No such file or directory debug1: Trying private key: /home/mareynol/.ssh/id_xmss debug3: no such identity: /home/mareynol/.ssh/id_xmss: No such file or directory debug2: we did not send a packet, disable method debug1: No more authentication methods to try. git@pagure.io: Permission denied (publickey).
Please make sure you have the correct access rights and the repository exists. [mareynol@localhost 389-ds-base]$ ssh -vvv git@pagure.io OpenSSH_7.7p1, OpenSSL 1.1.0h-fips 27 Mar 2018 debug1: Reading configuration data /etc/ssh/ssh_config debug3: /etc/ssh/ssh_config line 52: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0 debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 2: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config debug3: gss kex names ok: [gss-gex-sha1-,gss-group14-sha1-] debug3: kex names ok: [curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1] debug1: /etc/ssh/ssh_config.d/05-redhat.conf line 8: Applying options for debug2: resolving "pagure.io" port 22 debug2: ssh_connect_direct: needpriv 0 debug1: Connecting to pagure.io [2605:bc80:3010:600:dead:beef:cafe:fed8] port 22. debug1: Connection established. debug1: identity file /home/mareynol/.ssh/id_rsa type 0 debug1: key_load_public: No such file or directory debug1: identity file /home/mareynol/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/mareynol/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/mareynol/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/mareynol/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/mareynol/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/mareynol/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/mareynol/.ssh/id_ed25519-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/mareynol/.ssh/id_xmss type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/mareynol/.ssh/id_xmss-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_7.7 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4 debug1: match: OpenSSH_7.4 pat OpenSSH compat 0x04000000 debug2: fd 3 setting O_NONBLOCK debug1: Authenticating to pagure.io:22 as 'git' debug3: hostkeys_foreach: reading file "/home/mareynol/.ssh/known_hosts" debug3: record_hostkey: found key type RSA in file /home/mareynol/.ssh/known_hosts:1 debug3: load_hostkeys: loaded 1 keys from pagure.io debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa debug3: send packet: type 20 debug1: SSH2_MSG_KEXINIT sent debug3: receive packet: type 20 debug1: SSH2_MSG_KEXINIT received debug2: local client KEXINIT proposal debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c debug2: host key algorithms: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519 debug2: ciphers ctos: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc debug2: ciphers stoc: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc debug2: MACs ctos: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512 debug2: MACs stoc: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512 debug2: compression ctos: none,zlib@openssh.com,zlib debug2: compression stoc: none,zlib@openssh.com,zlib debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug2: peer server KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-rsa-cert-v01@openssh.com debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,zlib@openssh.com debug2: compression stoc: none,zlib@openssh.com debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug1: kex: algorithm: curve25519-sha256@libssh.org debug1: kex: host key algorithm: ssh-rsa-cert-v01@openssh.com debug1: kex: server->client cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none debug1: kex: client->server cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none debug1: kex: curve25519-sha256@libssh.org need=32 dh_need=32 debug1: kex: curve25519-sha256@libssh.org need=32 dh_need=32 debug3: send packet: type 30 debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug3: receive packet: type 31 debug1: Server host certificate: ssh-rsa-cert-v01@openssh.com SHA256:Gddkd5H7oQ1RaK8WgXSKl7JZP+FgLyidmxbLercJ/JY, serial 1502813437 ID "pagure01.fedoraproject.org" CA ssh-rsa SHA256:IPuhCSNXqj4m2eq6UKYE1jHFglLgLCbBzINft+OxUMA valid from 2017-08-15T11:10:41 to 2018-08-14T12:10:41 debug2: Server host certificate hostname: pagure.io debug2: Server host certificate hostname: pagure01.fedoraproject.org debug3: hostkeys_foreach: reading file "/home/mareynol/.ssh/known_hosts" debug3: record_hostkey: found key type RSA in file /home/mareynol/.ssh/known_hosts:1 debug3: load_hostkeys: loaded 1 keys from pagure.io debug1: No matching CA found. Retry with plain key debug1: Host 'pagure.io' is known and matches the RSA host key. debug1: Found key in /home/mareynol/.ssh/known_hosts:1 debug3: send packet: type 21 debug2: set_newkeys: mode 1 debug1: rekey after 4294967296 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug3: receive packet: type 21 debug1: SSH2_MSG_NEWKEYS received debug2: set_newkeys: mode 0 debug1: rekey after 4294967296 blocks debug2: key: /home/mareynol/.ssh/id_rsa (0x55bc05eeee00), agent debug2: key: mareynol@redhat.com (0x55bc05ef2130), agent debug2: key: /home/mareynol/.ssh/id_dsa ((nil)) debug2: key: /home/mareynol/.ssh/id_ecdsa ((nil)) debug2: key: /home/mareynol/.ssh/id_ed25519 ((nil)) debug2: key: /home/mareynol/.ssh/id_xmss ((nil)) debug3: send packet: type 5 debug3: receive packet: type 7 debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512> debug3: receive packet: type 6 debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug3: send packet: type 50 debug3: receive packet: type 51 debug1: Authentications that can continue: publickey debug3: start over, passed a different list publickey debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering public key: RSA SHA256:B48YhpA0OfEnUOnxNuLk1ZHh9BpWUWM33HoBnm55jU0 /home/mareynol/.ssh/id_rsa debug3: send_pubkey_test debug3: send packet: type 50 debug2: we sent a publickey packet, wait for reply debug3: receive packet: type 51 debug1: Authentications that can continue: publickey debug1: Offering public key: RSA SHA256:43p0z/oO9SABW/xkBLTlkJ50EE7GYSTeOy8IKp5cjp4 mareynol@redhat.com debug3: send_pubkey_test debug3: send packet: type 50 debug2: we sent a publickey packet, wait for reply debug3: receive packet: type 60 debug1: Server accepts key: pkalg rsa-sha2-512 blen 279 debug2: input_userauth_pk_ok: fp SHA256:43p0z/oO9SABW/xkBLTlkJ50EE7GYSTeOy8IKp5cjp4 debug3: sign_and_send_pubkey: RSA SHA256:43p0z/oO9SABW/xkBLTlkJ50EE7GYSTeOy8IKp5cjp4 sign_and_send_pubkey: signing failed: agent refused operation debug1: Trying private key: /home/mareynol/.ssh/id_dsa debug3: no such identity: /home/mareynol/.ssh/id_dsa: No such file or directory debug1: Trying private key: /home/mareynol/.ssh/id_ecdsa debug3: no such identity: /home/mareynol/.ssh/id_ecdsa: No such file or directory debug1: Trying private key: /home/mareynol/.ssh/id_ed25519 debug3: no such identity: /home/mareynol/.ssh/id_ed25519: No such file or directory debug1: Trying private key: /home/mareynol/.ssh/id_xmss debug3: no such identity: /home/mareynol/.ssh/id_xmss: No such file or directory debug2: we did not send a packet, disable method debug1: No more authentication methods to try. git@pagure.io: Permission denied (publickey). ```
So, you have " sign_and_send_pubkey: signing failed: agent refused operation". This is an issue with your SSH agent where it is basically first offering the key, but upon being asked to prove ownership, refuses. Could you try with SSH_AUTH_SOCK= ssh -vvv git@pagure.io to bypass the agent and determine if it's a bug in e.g. gnome-keyring-daemon? (I've seen it refuse to sign often enough when you get a new key until it's restarted)
SSH_AUTH_SOCK= ssh -vvv git@pagure.io
I did restart my laptop (still fails), and here is new the output:
$ SSH_AUTH_SOCK= ssh -vvv git@pagure.io OpenSSH_7.7p1, OpenSSL 1.1.0h-fips 27 Mar 2018 debug1: Reading configuration data /etc/ssh/ssh_config debug3: /etc/ssh/ssh_config line 52: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0 debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 2: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config debug3: gss kex names ok: [gss-gex-sha1-,gss-group14-sha1-] debug3: kex names ok: [curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1] debug1: /etc/ssh/ssh_config.d/05-redhat.conf line 8: Applying options for debug2: resolving "pagure.io" port 22 debug2: ssh_connect_direct: needpriv 0 debug1: Connecting to pagure.io [2605:bc80:3010:600:dead:beef:cafe:fed8] port 22. debug1: Connection established. debug1: identity file /home/mareynol/.ssh/id_rsa type 0 debug1: key_load_public: No such file or directory debug1: identity file /home/mareynol/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/mareynol/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/mareynol/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/mareynol/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/mareynol/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/mareynol/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/mareynol/.ssh/id_ed25519-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/mareynol/.ssh/id_xmss type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/mareynol/.ssh/id_xmss-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_7.7 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4 debug1: match: OpenSSH_7.4 pat OpenSSH compat 0x04000000 debug2: fd 3 setting O_NONBLOCK debug1: Authenticating to pagure.io:22 as 'git' debug3: hostkeys_foreach: reading file "/home/mareynol/.ssh/known_hosts" debug3: record_hostkey: found key type RSA in file /home/mareynol/.ssh/known_hosts:1 debug3: load_hostkeys: loaded 1 keys from pagure.io debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa debug3: send packet: type 20 debug1: SSH2_MSG_KEXINIT sent debug3: receive packet: type 20 debug1: SSH2_MSG_KEXINIT received debug2: local client KEXINIT proposal debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c debug2: host key algorithms: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519 debug2: ciphers ctos: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc debug2: ciphers stoc: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc debug2: MACs ctos: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512 debug2: MACs stoc: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512 debug2: compression ctos: none,zlib@openssh.com,zlib debug2: compression stoc: none,zlib@openssh.com,zlib debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug2: peer server KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-rsa-cert-v01@openssh.com debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,zlib@openssh.com debug2: compression stoc: none,zlib@openssh.com debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug1: kex: algorithm: curve25519-sha256@libssh.org debug1: kex: host key algorithm: ssh-rsa-cert-v01@openssh.com debug1: kex: server->client cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none debug1: kex: client->server cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none debug1: kex: curve25519-sha256@libssh.org need=32 dh_need=32 debug1: kex: curve25519-sha256@libssh.org need=32 dh_need=32 debug3: send packet: type 30 debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug3: receive packet: type 31 debug1: Server host certificate: ssh-rsa-cert-v01@openssh.com SHA256:Gddkd5H7oQ1RaK8WgXSKl7JZP+FgLyidmxbLercJ/JY, serial 1502813437 ID "pagure01.fedoraproject.org" CA ssh-rsa SHA256:IPuhCSNXqj4m2eq6UKYE1jHFglLgLCbBzINft+OxUMA valid from 2017-08-15T11:10:41 to 2018-08-14T12:10:41 debug2: Server host certificate hostname: pagure.io debug2: Server host certificate hostname: pagure01.fedoraproject.org debug3: hostkeys_foreach: reading file "/home/mareynol/.ssh/known_hosts" debug3: record_hostkey: found key type RSA in file /home/mareynol/.ssh/known_hosts:1 debug3: load_hostkeys: loaded 1 keys from pagure.io debug1: No matching CA found. Retry with plain key debug1: Host 'pagure.io' is known and matches the RSA host key. debug1: Found key in /home/mareynol/.ssh/known_hosts:1 debug3: send packet: type 21 debug2: set_newkeys: mode 1 debug1: rekey after 4294967296 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug3: receive packet: type 21 debug1: SSH2_MSG_NEWKEYS received debug2: set_newkeys: mode 0 debug1: rekey after 4294967296 blocks debug1: pubkey_prepare: ssh_get_authentication_socket: Connection refused debug2: key: /home/mareynol/.ssh/id_rsa (0x561c1b082dc0) debug2: key: /home/mareynol/.ssh/id_dsa ((nil)) debug2: key: /home/mareynol/.ssh/id_ecdsa ((nil)) debug2: key: /home/mareynol/.ssh/id_ed25519 ((nil)) debug2: key: /home/mareynol/.ssh/id_xmss ((nil)) debug3: send packet: type 5 debug3: receive packet: type 7 debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512> debug3: receive packet: type 6 debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug3: send packet: type 50 debug3: receive packet: type 51 debug1: Authentications that can continue: publickey debug3: start over, passed a different list publickey debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering public key: RSA SHA256:B48YhpA0OfEnUOnxNuLk1ZHh9BpWUWM33HoBnm55jU0 /home/mareynol/.ssh/id_rsa debug3: send_pubkey_test debug3: send packet: type 50 debug2: we sent a publickey packet, wait for reply debug3: receive packet: type 51 debug1: Authentications that can continue: publickey debug1: Trying private key: /home/mareynol/.ssh/id_dsa debug3: no such identity: /home/mareynol/.ssh/id_dsa: No such file or directory debug1: Trying private key: /home/mareynol/.ssh/id_ecdsa debug3: no such identity: /home/mareynol/.ssh/id_ecdsa: No such file or directory debug1: Trying private key: /home/mareynol/.ssh/id_ed25519 debug3: no such identity: /home/mareynol/.ssh/id_ed25519: No such file or directory debug1: Trying private key: /home/mareynol/.ssh/id_xmss debug3: no such identity: /home/mareynol/.ssh/id_xmss: No such file or directory debug2: we did not send a packet, disable method debug1: No more authentication methods to try. git@pagure.io: Permission denied (publickey).
I don't see it mentioning: /.ssh/id_rsa_fedora, only my RedHat Key "id_rsa"
The server has the key with fingerprint SHA256:43p0z/oO9SABW/xkBLTlkJ50EE7GYSTeOy8IKp5cjp4, but your client is no longer sending this without agent. Try this: SSH_AUTH_SOCK= ssh -vvv git@pagure.io -o IdentityFile=~/.ssh/id_rsa_fedora.
SSH_AUTH_SOCK= ssh -vvv git@pagure.io -o IdentityFile=~/.ssh/id_rsa_fedora
If that works, you want to add an .ssh/config entry with an IdentityFile option.
... ... debug1: Offering public key: RSA SHA256:43p0z/oO9SABW/xkBLTlkJ50EE7GYSTeOy8IKp5cjp4 /home/mareynol/.ssh/id_rsa_fedora debug3: send_pubkey_test debug3: send packet: type 50 debug2: we sent a publickey packet, wait for reply debug3: receive packet: type 60 debug1: Server accepts key: pkalg rsa-sha2-512 blen 279 debug2: input_userauth_pk_ok: fp SHA256:43p0z/oO9SABW/xkBLTlkJ50EE7GYSTeOy8IKp5cjp4 debug3: sign_and_send_pubkey: RSA SHA256:43p0z/oO9SABW/xkBLTlkJ50EE7GYSTeOy8IKp5cjp4 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: UNPROTECTED PRIVATE KEY FILE! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ Permissions 0644 for '/home/mareynol/.ssh/id_rsa_fedora' are too open. It is required that your private key files are NOT accessible by others. This private key will be ignored. Load key "/home/mareynol/.ssh/id_rsa_fedora": bad permissions debug2: we did not send a packet, disable method debug1: No more authentication methods to try. git@pagure.io: Permission denied (publickey).
What are the ideal permissions to set on my public key?
... ... debug1: Offering public key: RSA SHA256:43p0z/oO9SABW/xkBLTlkJ50EE7GYSTeOy8IKp5cjp4 /home/mareynol/.ssh/id_rsa_fedora debug3: send_pubkey_test debug3: send packet: type 50 debug2: we sent a publickey packet, wait for reply debug3: receive packet: type 60 debug1: Server accepts key: pkalg rsa-sha2-512 blen 279 debug2: input_userauth_pk_ok: fp SHA256:43p0z/oO9SABW/xkBLTlkJ50EE7GYSTeOy8IKp5cjp4 debug3: sign_and_send_pubkey: RSA SHA256:43p0z/oO9SABW/xkBLTlkJ50EE7GYSTeOy8IKp5cjp4 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: UNPROTECTED PRIVATE KEY FILE! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ Permissions 0644 for '/home/mareynol/.ssh/id_rsa_fedora' are too open. It is required that your private key files are NOT accessible by others. This private key will be ignored. Load key "/home/mareynol/.ssh/id_rsa_fedora": bad permissions debug2: we did not send a packet, disable method debug1: No more authentication methods to try. git@pagure.io: Permission denied (publickey). What are the ideal permissions to set on my public key?
Public key permissions don't matter. Private key permissions must be 0600 and owned by your user (well, technically 0400 would work too, but at least it needs to be 0x00, so go-rwx).
Also, I'm wondering if gnome-keyring-daemon enforces this too but just doesn't log about it.
Now it all works after changing the permissions. Thanks!!!!!
No problem at all. Let us know if we can help with anything else.
Metadata Update from @puiterwijk: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.